1. Field of the Invention
The present invention relates to an apparatus and method for hierarchically connecting devices, and more particularly, to an apparatus and method for hierarchically connecting devices, in which a network can be efficiently managed by hierarchically connecting the devices.
2. Description of the Related Art
In line with developments in telecommunications systems, a variety of networks are now available. In particular, home networks, in which consumer electronics (CE) are connected to a network by adding telecommunication features to them, are becoming popular.
In general, a home network is managed by a home network server, and devices included in the home network are directly connected to the home network server or are indirectly connected thereto via other devices connected to the home network server. In addition, the devices in the home network may be directly connected to each other without being connected to the home network server.
In an environment where various connections are available, such as a home network, authentication and approval must be carried out in order to establish a connection between devices. Generally, the authentication and the approval are carried out based on a fixed network.
FIG. 1 illustrates a mobile connection among related art devices.
A network configuration among devices centering around a device 0 is illustrated as an example.
The device 0 is the center of the network, and may function as a server.
A device 1 is directly connected to the device 0, and works as a relay indirectly connecting other devices to the device 0. For example, a device 6 may be indirectly connected to the device 0 via a device 5 and the device 1, and devices 2, 3, and 4 may be indirectly connected to the device 0 via the device 1.
In addition to the device 1, a device 10 and a device 8 are directly connected to the device 0, and work as relays indirectly connecting other devices to the device 0.
FIG. 2 is a flow chart illustrating a connection method among related art devices.
As illustrated as an example in FIG. 2, a first device is attempting a connection to a second device.
A method of completing the connection between the first device and the second device includes searching for a device that will work as a relay in order for the first device to detect the second device (S201), determining whether the first device can be connected to the second device, based on a response to the first device's search transmitted by the second device (S211), attempting to connect the first device to the second device (S221), transmitting a response to the connection attempt from the second device to the first device (S231), and completing authentication and the connection based on the connection between the first and the second devices (S241).
Here, step S231 may be included in step S241 according to the type of protocol used in step S241 and the method of embodiment, and thus, may be omitted.
In step S241, authentication is executed between the first and the second devices using a cross authentication scheme, or by one of the devices using a one-way authentication scheme. For example, with the first device acting as a server and the second device as a client, the first device may use the one-way authentication scheme when the second device wishes to use data in the first device.
Hereinafter, step S241 will be described in more detail with reference to FIG. 3.
FIG. 3 is a flow chart illustrating a process of completing authentication and connection between two devices.
The process of completing the authentication and the connection between the two devices includes determining whether authentication data is valid, checking whether a device to connect to is included in a connection-grant list if the connection-grant list exists, and checking whether the device to connect to is included in a connection-restriction list if the connection-restriction list exists. The order of steps may vary depending on the technical implementation of the present invention. For example, the connection-grant list and the connection-restriction list may each be checked first, and then the validity of the authentication data may be determined. Each step is described in detail below.
First, a first device determines whether authentication data of a second device is valid (S301). If the authentication data is not valid, the first device refuses to be connected to the second device. Otherwise, the next step S311 is executed.
In order to determine whether the authentication data is valid, the first device transmits a challenge value to the second device, the second device creates an electronic signature value and transmits it back to the first device, and the first device checks the electronic signature value.
If the authentication data is valid, the first device determines whether a connection-grant list exists (S311). If the connection-grant list exists, the first device checks whether the second device is included in the connection-grant list (S313).
Here, if the second device is not included in the connection-grant list, the first device denies the connection to the second device. Otherwise, the next step S321 is executed.
The first device determines whether a connection-restriction list exists (S321). If the connection-restriction list exists, the first device checks if the second device is included in the connection-restriction list (S323).
The first device denies the connection to the second device when the second device is included in the connection-restriction list. Otherwise, the first device completes the connection to the second device (S331).
As described above, devices should use a connection-grant list or a connection-restriction list, and keep the lists up-to-date in order to complete a connection therebetween.
In order to keep the connection-grant list and the connection-restriction list up-to-date, the devices should exchange the lists or update them via a trusted central server. If the devices have different connection-grant lists or connection-restriction lists, it is hard to establish and apply a consistent security policy.
Therefore, there is a growing need for a method of efficiently connecting devices.
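The FIG. 3 decision flow (S301 to S331) and the list-consistency problem described above can be made concrete with the following added example, which is not part of the original document. The device identifiers, the pre-shared keys and the use of HMAC-SHA256 in place of the electronic signature value are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: device ids and pre-shared keys are hypothetical.
KEYS = {"device2": b"k2-constructed", "device7": b"k7-constructed"}


def sign(key: bytes, challenge: bytes) -> bytes:
    """Second device's side: compute the signature value over the challenge.
    HMAC-SHA256 stands in for the electronic signature named in the text."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Device:
    def __init__(self, grant_list=None, restriction_list=None):
        # None means the list does not exist (S311 / S321 answer "no").
        self.grant_list = grant_list
        self.restriction_list = restriction_list

    def decide(self, peer_id, challenge, signature):
        """Return (connected, step) in the order S301, S311/S313, S321/S323, S331."""
        key = KEYS.get(peer_id)
        # S301: the authentication data must be valid (constant-time compare).
        if key is None or not hmac.compare_digest(sign(key, challenge), signature):
            return (False, "S301")
        # S311/S313: if a connection-grant list exists, the peer must be on it.
        if self.grant_list is not None and peer_id not in self.grant_list:
            return (False, "S313")
        # S321/S323: if a connection-restriction list exists, the peer must not be on it.
        if self.restriction_list is not None and peer_id in self.restriction_list:
            return (False, "S323")
        return (True, "S331")


def attempt(first: Device, peer_id: str, peer_key: bytes):
    """One challenge/response exchange; returns the first device's decision."""
    challenge = secrets.token_bytes(16)  # fresh per attempt, so replies cannot be replayed
    return first.decide(peer_id, challenge, sign(peer_key, challenge))


def demo():
    a = Device(grant_list={"device2", "device7"}, restriction_list={"device7"})
    b = Device(grant_list={"device2", "device7"})  # never received the restriction list
    return {
        "a_device2": attempt(a, "device2", KEYS["device2"]),
        "a_device7": attempt(a, "device7", KEYS["device7"]),
        "b_device7": attempt(b, "device7", KEYS["device7"]),  # same peer, different policy
        "a_forged": attempt(a, "device2", b"wrong-key"),
    }
```

Devices `a` and `b` reach opposite decisions for `device7` only because their lists differ, which is the inconsistency the description attributes to per-device lists.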